Replenum Agent Skill
Security checks across malware telemetry and agentic risk
Overview
This is a coherent reputation-registry skill, but it can periodically submit signed external reputation records without a clear per-action approval or rollback boundary.
Install only if you want your agent to participate in Replenum’s external reputation system. Use a dedicated signing key, avoid sensitive agent identifiers or relationship metadata, require user approval before attestations where possible, and disable or strictly cap periodic heartbeat behavior and paid x402 calls unless you explicitly want them.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.